package com.ruoyi.common.filter;

import cn.hutool.core.io.IoUtil;
import cn.hutool.core.lang.Validator;
import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HtmlUtil;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;

import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/**
 * XSS过滤处理
 *
 * @author ruoyi
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
	/**
	 * @param request
	 */
	public XssHttpServletRequestWrapper(HttpServletRequest request) {
		super(request);
	}

	@Override
	public String[] getParameterValues(String name) {
		String[] values = super.getParameterValues(name);
		if (values != null) {
			int length = values.length;
			String[] escapseValues = new String[length];
			for (int i = 0; i < length; i++) {
				// 防xss攻击和过滤前后空格
				escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
			}
			return escapseValues;
		}
		return super.getParameterValues(name);
	}

	@Override
	public ServletInputStream getInputStream() throws IOException {
		// 非json类型，直接返回
		if (!isJsonRequest()) {
			return super.getInputStream();
		}

		// 为空，直接返回
		String json = IoUtil.read(super.getInputStream(), StandardCharsets.UTF_8);
		if (Validator.isEmpty(json)) {
			return super.getInputStream();
		}

		// xss过滤
		json = HtmlUtil.cleanHtmlTag(json).trim();

		final ByteArrayInputStream bis = IoUtil.toStream(json, StandardCharsets.UTF_8);
		return new ServletInputStream() {
			@Override
			public boolean isFinished() {
				return true;
			}

			@Override
			public boolean isReady() {
				return true;
			}

			@Override
			public void setReadListener(ReadListener readListener) {
			}

			@Override
			public int read() throws IOException {
				return bis.read();
			}
		};
	}

	/**
	 * 是否是Json请求
	 *
	 * @param request
	 */
	public boolean isJsonRequest() {
		String header = super.getHeader(HttpHeaders.CONTENT_TYPE);
		return StrUtil.startWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
	}
}
